The GlueCode team is preparing to pursue portlet-level security for
Jetspeed -- that is, the ability to make portlets visible to only
certain users. Of course, we want to build this on the existing Turbine
group/role/permission scheme.
Our initial thought is that adding attributes in jetspeed-config.jcfg of
roughly this form
<viewable-by group="foo" role="bar" perm="baz" />
would be a good way to encode the permissions. In the absence of any
such attributes, the default would be viewable by all.
A reasonable "choke point" at which to limit access to portlets would
appear to be PortletConfig.getPortletSet(). The set returned could be
filtered to remove portlets for which the user does not have permission.
This would suffice to control access both to portlets on the portal
page, and listing of portlets on the customization page (which we're
working to extend, by the way).
Thoughts on this approach, please?
--
Craig Berry - (310) 570-4140
VP Technology
GlueCode
1452 Second St
Santa Monica CA 90401
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/jetspeed@list.working-dogs.com/>
List Help?: [EMAIL PROTECTED]
